5e57f565fe4a1229e9a295262725fa02_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5e57f565fe4a1229e9a295262725fa02_JaffaCakes118
Size

40KB
MD5

5e57f565fe4a1229e9a295262725fa02
SHA1

d2f69235324daf9543b26f1e1e6af8d9620918d9
SHA256

0ecf05de45ca36d984223685583e010fd5610eab9063465351b00faa65d3b258
SHA512

5c48044766f1baec489c757fc08573f4c2205da7a36273b90d59aab45310aaf71c4eceb85e3ee7cff20d6232a55611a7c735d759478e0c87b7b9a0a080adcb58
SSDEEP

768:gFlP5+HpL4MiJtIX17KtN74xj9mUlmiBrEAvPoAqCGLG:gzAHqFixAcj9m6/BrPvAG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5e57f565fe4a1229e9a295262725fa02_JaffaCakes118

Files

5e57f565fe4a1229e9a295262725fa02_JaffaCakes118
.dll windows:5 windows x86 arch:x86

990d9bd8a4f7184192cdb76a2c6dd4ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeResource
GetModuleHandleA
GetProcAddress
FindAtomA
VirtualFree
LockResource
VirtualAlloc
AddAtomA
FindResourceA
SizeofResource
LoadResource

user32

VkKeyScanA
UnionRect
WindowFromDC
TranslateMessage
wsprintfA
UnloadKeyboardLayout
WinHelpA
ValidateRgn
TranslateMDISysAccel
UnpackDDElParam

advapi32

CryptExportKey
RegCreateKeyA
CryptSetProvParam
RegEnumKeyA
RegEnumValueA
RegUnLoadKeyA
CryptHashSessionKey
GetUserNameA
CryptHashData
RegDeleteValueA
RegQueryInfoKeyA
RegSaveKeyA

Exports

Exports

lrrhyb
mgnqcfovoc

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ